The Rhysida ransomware group has claimed responsibility for breaching the Government of Peru’s official digital platform, Gob.pe. The group published images of multiple documents allegedly stolen from the platform on May 2, 2025.

The group claimed the theft of 1510 GB of sensitive data, including patient records, insurance, and financial information. Interlock leaked DaVita’s alleged stolen files on their data leak site.

The campaign has been active since at least November 2024, Lazarus Group is targeting South Korean organizations using watering hole tactics and exploiting software vulnerabilities.

Legends International, a global sports and entertainment venue management firm, has disclosed a data breach that occurred in November 2024. The breach affected both employees and visitors to venues managed by the company.

Security researchers at Huntress warn of attacks in the wild exploiting a critical vulnerability, tracked as CVE-2025-30406, in Gladinet CentreStack and Triofox software.

Car rental giant Hertz Corporation disclosed a data breach that impacted its Hertz, Thrifty, and Dollar brands. Threat actors gained access to customer data via Cleo zero-day exploits in late 2024.

The US Treasury’s Office of the Comptroller of the Currency (OCC) disclosed an undetected major email breach for over a year. The OCC reviewed email logs since 2022, disabled impacted accounts, and reported the breach to CISA.

This week, Google has released out-of-band fixes to address a high-severity security vulnerability, tracked as CVE-2025-2783, in the Chrome browser for Windows. The flaw was actively exploited in attacks targeting organizations in Russia.

While DeepSeek is rising in popularity, threat actors are attempting to exploit it by using fake sponsored Google ads to distribute malware, Malwarebytes researchers warn. Attackers are using DeepSeek as a lure to trap unsuspecting Google searchers.

Resecurity discovered a local file inclusion flaw in the data leak site used by BlackLock Ransomware, allowing them to uncover clearnet IP addresses and other details about the cybercriminals' network, aiding in the investigation and disruption.